SOURCES: iptables-20070806.patch - TARPIT, geoip, ipp2p removed, use contem...
zbyniu
zbyniu at pld-linux.org
Wed Jun 4 13:30:50 CEST 2008
Author: zbyniu Date: Wed Jun 4 11:30:50 2008 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- TARPIT, geoip and ipp2p removed; use the contemporary versions from xtables-addons.spec instead
---- Files affected:
SOURCES:
iptables-20070806.patch (1.7 -> 1.8)
---- Diffs:
================================================================
Index: SOURCES/iptables-20070806.patch
diff -u SOURCES/iptables-20070806.patch:1.7 SOURCES/iptables-20070806.patch:1.8
--- SOURCES/iptables-20070806.patch:1.7 Wed May 21 23:52:49 2008
+++ SOURCES/iptables-20070806.patch Wed Jun 4 13:30:45 2008
@@ -5,25 +5,6 @@
+#!/bin/sh
+# True if IPV4OPTSSTRIP patch is applied.
+[ -f $KERNEL_DIR/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c ] && echo IPV4OPTSSTRIP
-diff -urN iptables-1.3.8/extensions/.TARPIT-test iptables/extensions/.TARPIT-test
---- iptables-1.3.8/extensions/.TARPIT-test 1970-01-01 01:00:00.000000000 +0100
-+++ iptables/extensions/.TARPIT-test 2006-12-12 11:34:45.000000000 +0100
-@@ -0,0 +1,2 @@
-+#! /bin/sh
-+[ -f $KERNEL_DIR/net/ipv4/netfilter/ipt_TARPIT.c ] && echo TARPIT
-diff -urN iptables-1.3.8/extensions/.geoip-test iptables/extensions/.geoip-test
---- iptables-1.3.8/extensions/.geoip-test 1970-01-01 01:00:00.000000000 +0100
-+++ iptables/extensions/.geoip-test 2006-05-06 13:18:20.000000000 +0200
-@@ -0,0 +1,3 @@
-+#!/bin/sh
-+# True if geoip is applied in given kernel tree.
-+[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_geoip.h ] && echo geoip
-diff -urN iptables-1.3.8/extensions/.ipp2p-test iptables/extensions/.ipp2p-test
---- iptables-1.3.8/extensions/.ipp2p-test 1970-01-01 01:00:00.000000000 +0100
-+++ iptables/extensions/.ipp2p-test 2004-07-13 13:43:15.000000000 +0200
-@@ -0,0 +1,2 @@
-+#! /bin/sh
-+[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_ipp2p.h ] && echo ipp2p
diff -urN iptables-1.3.8/extensions/.ipv4options-test iptables/extensions/.ipv4options-test
--- iptables-1.3.8/extensions/.ipv4options-test 1970-01-01 01:00:00.000000000 +0100
+++ iptables/extensions/.ipv4options-test 2006-12-12 11:34:45.000000000 +0100
@@ -118,911 +99,6 @@
+The target doesn't take any option, and therefore is extremly easy to use :
+
+# iptables -t mangle -A PREROUTING -j IPV4OPTSSTRIP
-diff -urN iptables-1.3.8/extensions/libipt_TARPIT.c iptables/extensions/libipt_TARPIT.c
---- iptables-1.3.8/extensions/libipt_TARPIT.c 1970-01-01 01:00:00.000000000 +0100
-+++ iptables/extensions/libipt_TARPIT.c 2006-12-12 11:34:45.000000000 +0100
-@@ -0,0 +1,58 @@
-+/* Shared library add-on to iptables for TARPIT support */
-+#include <stdio.h>
-+#include <getopt.h>
-+#include <iptables.h>
-+
-+static void
-+help(void)
-+{
-+ fputs(
-+"TARPIT takes no options\n"
-+"\n", stdout);
-+}
-+
-+static struct option opts[] = {
-+ { 0 }
-+};
-+
-+static int
-+parse(int c, char **argv, int invert, unsigned int *flags,
-+ const void *entry,
-+ struct xt_entry_target **target)
-+{
-+ return 0;
-+}
-+
-+static void final_check(unsigned int flags)
-+{
-+}
-+
-+static void
-+print(const void *ip,
-+ const struct xt_entry_target *target,
-+ int numeric)
-+{
-+}
-+
-+static void save(const void *ip, const struct xt_entry_target *target)
-+{
-+}
-+
-+static struct xtables_target tarpit = {
-+ .next = NULL,
-+ .name = "TARPIT",
-+ .version = XTABLES_VERSION,
-+ .size = IPT_ALIGN(0),
-+ .userspacesize = IPT_ALIGN(0),
-+ .help = &help,
-+ .parse = &parse,
-+ .final_check = &final_check,
-+ .print = &print,
-+ .save = &save,
-+ .extra_opts = opts
-+};
-+
-+void _init(void)
-+{
-+ xtables_register_target(&tarpit);
-+}
-diff -urN iptables-1.3.8/extensions/libipt_TARPIT.man iptables/extensions/libipt_TARPIT.man
---- iptables-1.3.8/extensions/libipt_TARPIT.man 1970-01-01 01:00:00.000000000 +0100
-+++ iptables/extensions/libipt_TARPIT.man 2006-12-12 11:34:45.000000000 +0100
-@@ -0,0 +1,34 @@
-+Captures and holds incoming TCP connections using no local
-+per-connection resources. Connections are accepted, but immediately
-+switched to the persist state (0 byte window), in which the remote
-+side stops sending data and asks to continue every 60-240 seconds.
-+Attempts to close the connection are ignored, forcing the remote side
-+to time out the connection in 12-24 minutes.
-+
-+This offers similar functionality to LaBrea
-+<http://www.hackbusters.net/LaBrea/> but doesn't require dedicated
-+hardware or IPs. Any TCP port that you would normally DROP or REJECT
-+can instead become a tarpit.
-+
-+To tarpit connections to TCP port 80 destined for the current machine:
-+.IP
-+iptables -A INPUT -p tcp -m tcp --dport 80 -j TARPIT
-+.P
-+To significantly slow down Code Red/Nimda-style scans of unused address
-+space, forward unused ip addresses to a Linux box not acting as a router
-+(e.g. "ip route 10.0.0.0 255.0.0.0 ip.of.linux.box" on a Cisco), enable IP
-+forwarding on the Linux box, and add:
-+.IP
-+iptables -A FORWARD -p tcp -j TARPIT
-+.IP
-+iptables -A FORWARD -j DROP
-+.TP
-+NOTE:
-+If you use the conntrack module while you are using TARPIT, you should
-+also use the NOTRACK target, or the kernel will unnecessarily allocate
-+resources for each TARPITted connection. To TARPIT incoming
-+connections to the standard IRC port while using conntrack, you could:
-+.IP
-+iptables -t raw -A PREROUTING -p tcp --dport 6667 -j NOTRACK
-+.IP
-+iptables -A INPUT -p tcp --dport 6667 -j TARPIT
-diff -urN iptables-1.3.8/extensions/libipt_geoip.c iptables/extensions/libipt_geoip.c
---- iptables-1.3.8/extensions/libipt_geoip.c 1970-01-01 01:00:00.000000000 +0100
-+++ iptables/extensions/libipt_geoip.c 2006-12-05 04:36:39.000000000 +0100
-@@ -0,0 +1,335 @@
-+/* Shared library add-on to iptables to add geoip match support.
-+
-+ * This program is free software; you can redistribute it and/or modify
-+ * it under the terms of the GNU General Public License as published by
-+ * the Free Software Foundation; either version 2 of the License, or
-+ * (at your option) any later version.
-+ *
-+ * Copyright (c) 2004, 2005, 2006 Samuel Jean & Nicolas Bouliane
-+
-+ * For comments, bugs or suggestions, please contact
-+ * Samuel Jean <jix at bugmachine.ca>
-+ * Nicolas Bouliane <nib at bugmachine.ca>
-+ */
-+
-+#include <stdio.h>
-+#include <string.h>
-+#include <stdlib.h>
-+#include <getopt.h>
-+#include <ctype.h>
-+#include <stddef.h>
-+#include <errno.h>
-+#include <sys/types.h>
-+#include <sys/stat.h>
-+#include <unistd.h>
-+#include <iptables.h>
-+#include <linux/netfilter_ipv4/ipt_geoip.h>
-+
-+static void help(void)
-+{
-+ printf (
-+ "GeoIP v%s options:\n"
-+ " [!] --src-cc, --source-country country[,country,country,...]\n"
-+ " Match packet coming from (one of)\n"
-+ " the specified country(ies)\n"
-+ "\n"
-+ " [!] --dst-cc, --destination-country country[,country,country,...]\n"
-+ " Match packet going to (one of)\n"
-+ " the specified country(ies)\n"
-+ "\n"
-+ " NOTE: The country is inputed by its ISO3166 code.\n"
-+ "\n"
-+ "\n", XTABLES_VERSION
-+ );
-+}
-+
-+static struct option opts[] = {
-+ { "dst-cc", 1, 0, '2' }, /* Alias for --destination-country */
-+ { "destination-country", 1, 0, '2' },
-+ { "src-cc", 1, 0, '1' }, /* Alias for --source-country */
-+ { "source-country", 1, 0, '1' },
-+ { 0 }
-+};
-+
-+static void
-+init(struct xt_entry_match *m)
-+{
-+}
-+
-+/* NOT IMPLEMENTED YET
-+static void geoip_free(struct geoip_info *oldmem)
-+{
-+}
-+*/
-+
-+struct geoip_index {
-+ u_int16_t cc;
-+ u_int32_t offset;
-+} __attribute__ ((packed));
-+
-+struct geoip_subnet *
-+get_country_subnets(u_int16_t cc, u_int32_t *count)
-+{
-+ FILE *ixfd, *dbfd;
-+ struct geoip_subnet *subnets;
-+ struct geoip_index *index;
-+ struct stat buf;
-+
-+ size_t idxsz;
-+ u_int16_t i;
-+
-+ u_int16_t db_cc = 0;
-+ u_int16_t db_nsubnets = 0;
-+
-+ if ((ixfd = fopen("/var/geoip/geoipdb.idx", "r")) == NULL) {
-+ perror("/var/geoip/geoipdb.idx");
-+ exit_error(OTHER_PROBLEM,
-+ "geoip match: cannot open geoip's database index file");
-+ }
-+
-+ stat("/var/geoip/geoipdb.idx", &buf);
-+ idxsz = buf.st_size/sizeof(struct geoip_index);
-+ index = (struct geoip_index *)malloc(buf.st_size);
-+
-+ fread(index, buf.st_size, 1, ixfd);
-+
-+ for (i = 0; i < idxsz; i++)
-+ if (cc == index[i].cc)
-+ break;
-+
-+ if (cc != index[i].cc)
-+ exit_error(OTHER_PROBLEM,
-+ "geoip match: sorry, '%c%c' isn't in the database\n", COUNTRY(cc));
-+
-+ fclose(ixfd);
-+
-+ if ((dbfd = fopen("/var/geoip/geoipdb.bin", "r")) == NULL) {
-+ perror("/var/geoip/geoipdb.bin");
-+ exit_error(OTHER_PROBLEM,
-+ "geoip match: cannot open geoip's database file");
-+ }
-+
-+ fseek(dbfd, index[i].offset, SEEK_SET);
-+ fread(&db_cc, sizeof(u_int16_t), 1, dbfd);
-+
-+ if (db_cc != cc)
-+ exit_error(OTHER_PROBLEM,
-+ "geoip match: this shouldn't happened, the database might be corrupted, or there's a bug.\n"
-+ "you should contact maintainers");
-+
-+ fread(&db_nsubnets, sizeof(u_int16_t), 1, dbfd);
-+
-+ subnets = (struct geoip_subnet*)malloc(db_nsubnets * sizeof(struct geoip_subnet));
-+
-+ if (!subnets)
-+ exit_error(OTHER_PROBLEM,
-+ "geoip match: insufficient memory available");
-+
-+ fread(subnets, db_nsubnets * sizeof(struct geoip_subnet), 1, dbfd);
-+
-+ fclose(dbfd);
-+ free(index);
-+ *count = db_nsubnets;
-+ return subnets;
-+}
-+
-+static struct geoip_info *
-+load_geoip_cc(u_int16_t cc)
-+{
-+ static struct geoip_info *ginfo;
-+ ginfo = malloc(sizeof(struct geoip_info));
-+
-+ if (!ginfo)
-+ return NULL;
-+
-+ ginfo->subnets = get_country_subnets(cc, &ginfo->count);
-+ ginfo->cc = cc;
-+
-+ return ginfo;
-+}
-+
-+static u_int16_t
-+check_geoip_cc(char *cc, u_int16_t cc_used[], u_int8_t count)
-+{
-+ u_int8_t i;
-+ u_int16_t cc_int16;
-+
-+ if (strlen(cc) != 2) /* Country must be 2 chars long according
-+ to the ISO3166 standard */
-+ exit_error(PARAMETER_PROBLEM,
-+ "geoip match: invalid country code '%s'", cc);
-+
-+ // Verification will fail if chars aren't uppercased.
-+ // Make sure they are..
-+ for (i = 0; i < 2; i++)
-+ if (isalnum(cc[i]) != 0)
-+ cc[i] = toupper(cc[i]);
-+ else
-+ exit_error(PARAMETER_PROBLEM,
-+ "geoip match: invalid country code '%s'", cc);
-+
-+ /* Convert chars into a single 16 bit integer.
-+ * FIXME: This assumes that a country code is
-+ * exactly 2 chars long. If this is
-+ * going to change someday, this whole
-+ * match will need to be rewritten, anyway.
-+ * - SJ */
-+ cc_int16 = (cc[0]<<8) + cc[1];
-+
-+ // Check for presence of value in cc_used
-+ for (i = 0; i < count; i++)
-+ if (cc_int16 == cc_used[i])
-+ return 0; // Present, skip it!
-+
-+ return cc_int16;
-+}
-+
-+/* Based on libipt_multiport.c parsing code. */
-+static u_int8_t
-+parse_geoip_cc(const char *ccstr, u_int16_t *cc, struct geoip_info **mem)
-+{
-+ char *buffer, *cp, *next;
-+ u_int8_t i, count = 0;
-+ u_int16_t cctmp;
-+
-+ buffer = strdup(ccstr);
-+ if (!buffer) exit_error(OTHER_PROBLEM,
-+ "geoip match: insufficient memory available");
-+
-+ for (cp = buffer, i = 0; cp && i < IPT_GEOIP_MAX; cp = next, i++)
-+ {
-+ next = strchr(cp, ',');
-+ if (next) *next++ = '\0';
-+
-+ if ((cctmp = check_geoip_cc(cp, cc, count)) != 0) {
-+ if ((mem[count++] = load_geoip_cc(cctmp)) == NULL)
-+ exit_error(OTHER_PROBLEM,
-+ "geoip match: insufficient memory available");
-+ cc[count-1] = cctmp;
-+ }
-+ }
-+
-+ if (cp) exit_error(PARAMETER_PROBLEM,
-+ "geoip match: too many countries specified");
-+ free(buffer);
-+
-+ if (count == 0) exit_error(PARAMETER_PROBLEM,
-+ "geoip match: don't know what happened");
-+
-+ return count;
-+}
-+
-+static int
-+parse(int c, char **argv, int invert, unsigned int *flags,
-+ const void *entry,
-+ struct xt_entry_match **match)
-+{
-+ struct ipt_geoip_info *info
-+ = (struct ipt_geoip_info *)(*match)->data;
-+
-+ switch(c) {
-+ case '1':
-+ // Ensure that IPT_GEOIP_SRC *OR* IPT_GEOIP_DST haven't been used yet.
-+ if (*flags & (IPT_GEOIP_SRC | IPT_GEOIP_DST))
-+ exit_error(PARAMETER_PROBLEM,
-+ "geoip match: only use --source-country *OR* --destination-country once!");
-+
-+ *flags |= IPT_GEOIP_SRC;
-+ break;
-+
-+ case '2':
-+ // Ensure that IPT_GEOIP_SRC *OR* IPT_GEOIP_DST haven't been used yet.
-+ if (*flags & (IPT_GEOIP_SRC | IPT_GEOIP_DST))
-+ exit_error(PARAMETER_PROBLEM,
-+ "geoip match: only use --source-country *OR* --destination-country once!");
-+
-+ *flags |= IPT_GEOIP_DST;
-+ break;
-+
-+ default:
-+ return 0;
-+ }
-+
-+ if (invert)
-+ *flags |= IPT_GEOIP_INV;
-+
-+ info->count = parse_geoip_cc(argv[optind-1], info->cc, info->mem);
-+ info->flags = *flags;
-+ info->refcount = NULL;
-+ //info->fini = &geoip_free;
-+
-+ return 1;
-+}
-+
-+static void
-+final_check(unsigned int flags)
-+{
-+ if (!flags)
-+ exit_error(PARAMETER_PROBLEM,
-+ "geoip match: missing arguments");
-+}
-+
-+static void
-+print(const void *ip,
-+ const struct xt_entry_match *match,
-+ int numeric)
-+{
-+ const struct ipt_geoip_info *info
-+ = (const struct ipt_geoip_info *)match->data;
-+
-+ u_int8_t i;
-+
-+ if (info->flags & IPT_GEOIP_SRC)
-+ printf("Source ");
-+ else printf("Destination ");
-+
-+ if (info->count > 1)
-+ printf("countries: ");
-+ else printf("country: ");
-+
-+ if (info->flags & IPT_GEOIP_INV)
-+ printf("! ");
-+
-+ for (i = 0; i < info->count; i++)
-+ printf("%s%c%c", i ? "," : "", COUNTRY(info->cc[i]));
-+ printf(" ");
-+}
-+
-+static void
-+save(const void *ip,
-+ const struct xt_entry_match *match)
-+{
-+ const struct ipt_geoip_info *info
-+ = (const struct ipt_geoip_info *)match->data;
-+ u_int8_t i;
-+
-+ if (info->flags & IPT_GEOIP_INV)
-+ printf("! ");
-+
-+ if (info->flags & IPT_GEOIP_SRC)
-+ printf("--source-country ");
-+ else printf("--destination-country ");
-+
-+ for (i = 0; i < info->count; i++)
-+ printf("%s%c%c", i ? "," : "", COUNTRY(info->cc[i]));
-+ printf(" ");
-+}
-+
-+static struct xtables_match geoip = {
-+ .name = "geoip",
-+ .version = XTABLES_VERSION,
-+ .size = IPT_ALIGN(sizeof(struct ipt_geoip_info)),
-+ .userspacesize = offsetof(struct ipt_geoip_info, mem),
-+ .help = &help,
-+ .init = &init,
-+ .parse = &parse,
-+ .final_check = &final_check,
-+ .print = &print,
-+ .save = &save,
-+ .extra_opts = opts
-+};
-+
-+void _init(void)
-+{
-+ xtables_register_match(&geoip);
-+}
-diff -urN iptables-1.3.8/extensions/libipt_geoip.man iptables/extensions/libipt_geoip.man
---- iptables-1.3.8/extensions/libipt_geoip.man 1970-01-01 01:00:00.000000000 +0100
-+++ iptables/extensions/libipt_geoip.man 2006-12-06 04:08:33.000000000 +0100
-@@ -0,0 +1,15 @@
-+Match a packet by its source or destination country.
-+.TP
-+[\fB!\fR] \fB--src-cc\fR, \fB--source-country \fIcountry\fR[\fB,\fIcountry\fB,\fIcountry\fB,\fI...\fR]
-+Match packet coming from (one of) the specified country(ies)
-+.TP
-+[\fB!\fR] \fB--dst-cc\fR, \fB--destination-country \fIcountry\fR[\fB,\fIcountry\fB,\fIcountry\fB,\fI...\fR]
-+Match packet going to (one of) the specified country(ies)
-+.TP
-+NOTE:
-+The country is inputed by its ISO3166 code.
-+.P
-+The only extra files you need is a binary db (geoipdb.bin) & its index file (geoipdb.idx).
-+Both files are generated from a countries & subnets database with the csv2bin tool,
-+available at http://people.netfilter.org/peejix/geoip/. Both files MUST also be moved in /var/geoip/
-+as the shared library is statically looking for that pathname (ex.: /var/geoip/geoipdb.bin).
-diff -urN iptables-1.3.8/extensions/libipt_ipp2p.c iptables/extensions/libipt_ipp2p.c
---- iptables-1.3.8/extensions/libipt_ipp2p.c 1970-01-01 01:00:00.000000000 +0100
-+++ iptables/extensions/libipt_ipp2p.c 2006-03-29 10:59:21.000000000 +0200
-@@ -0,0 +1,396 @@
-+#include <stdio.h>
-+#include <netdb.h>
-+#include <string.h>
-+#include <stdlib.h>
-+#include <getopt.h>
-+#include <ctype.h>
-+
-+#include <iptables.h>
-+
-+#include <linux/netfilter_ipv4/ipt_ipp2p.h>
-+
-+static void
-+help(void)
-+{
-+ printf(
-+ "IPP2P v%s options:\n"
-+ " --ipp2p Grab all known p2p packets\n"
-+ " --edk [TCP&UDP] All known eDonkey/eMule/Overnet packets\n"
-+ " --dc [TCP] All known Direct Connect packets\n"
-+ " --kazaa [TCP&UDP] All known KaZaA packets\n"
-+ " --gnu [TCP&UDP] All known Gnutella packets\n"
-+ " --bit [TCP&UDP] All known BitTorrent packets\n"
-+ " --apple [TCP] All known AppleJuice packets\n"
-+ " --winmx [TCP] All known WinMX\n"
-+ " --soul [TCP] All known SoulSeek\n"
-+ " --ares [TCP] All known Ares\n\n"
-+ " EXPERIMENTAL protocols (please send feedback to: ipp2p at ipp2p.org) :\n"
-+ " --mute [TCP] All known Mute packets\n"
-+ " --waste [TCP] All known Waste packets\n"
-+ " --xdcc [TCP] All known XDCC packets (only xdcc login)\n\n"
-+ " DEBUG SUPPPORT, use only if you know why\n"
-+ " --debug Generate kernel debug output, THIS WILL SLOW DOWN THE FILTER\n"
-+ "\nNote that the follwing options will have the same meaning:\n"
-+ " '--ipp2p' is equal to '--edk --dc --kazaa --gnu --bit --apple --winmx --soul --ares'\n"
-+ "\nIPP2P was intended for TCP only. Due to increasing usage of UDP we needed to change this.\n"
-+ "You can now use -p udp to search UDP packets only or without -p switch to search UDP and TCP packets.\n"
-+ "\nSee README included with this package for more details or visit http://www.ipp2p.org\n"
-+ "\nExamples:\n"
-+ " iptables -A FORWARD -m ipp2p --ipp2p -j MARK --set-mark 0x01\n"
-+ " iptables -A FORWARD -p udp -m ipp2p --kazaa --bit -j DROP\n"
-+ " iptables -A FORWARD -p tcp -m ipp2p --edk --soul -j DROP\n\n"
-+ , IPP2P_VERSION);
-+}
-+
-+static struct option opts[] = {
-+ { "ipp2p", 0, 0, '1' },
-+ { "edk", 0, 0, '2' },
-+ { "dc", 0, 0, '7' },
-+ { "gnu", 0, 0, '9' },
-+ { "kazaa", 0, 0, 'a' },
-+ { "bit", 0, 0, 'b' },
-+ { "apple", 0, 0, 'c' },
-+ { "soul", 0, 0, 'd' },
-+ { "winmx", 0, 0, 'e' },
-+ { "ares", 0, 0, 'f' },
-+ { "mute", 0, 0, 'g' },
-+ { "waste", 0, 0, 'h' },
-+ { "xdcc", 0, 0, 'i' },
-+ { "debug", 0, 0, 'j' },
-+ {0}
-+};
-+
-+
-+
-+static void
-+init(struct xt_entry_match *m)
-+{
-+ struct ipt_p2p_info *info = (struct ipt_p2p_info *)m->data;
-+
-+ /*init the module with default values*/
-+ info->cmd = 0;
-+ info->debug = 0;
-+
-+}
-+
-+
-+static int
-+parse(int c, char **argv, int invert, unsigned int *flags,
-+ const void *entry,
-+ struct xt_entry_match **match)
-+{
-+ struct ipt_p2p_info *info = (struct ipt_p2p_info *)(*match)->data;
-+
-+ switch (c) {
-+ case '1': /*cmd: ipp2p*/
-+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
-+ exit_error(PARAMETER_PROBLEM,
-+ "ipp2p: `--ipp2p' may only be "
-+ "specified once!");
-+/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA)
-+ exit_error(PARAMETER_PROBLEM,
-+ "ipp2p: `--ipp2p-data' may only be "
-+ "specified alone!");*/
-+ if ((*flags) != 0)
-+ exit_error(PARAMETER_PROBLEM,
-+ "ipp2p: `--ipp2p' may only be "
-+ "specified alone!");
-+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
-+ *flags += SHORT_HAND_IPP2P;
-+ info->cmd = *flags;
<<Diff was trimmed, longer than 597 lines>>
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/iptables-20070806.patch?r1=1.7&r2=1.8&f=u